Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A computer program product including one or more computer readable storage mediums collectively storing program instructions for user identification and authentication that are executable by a processor or programmable circuitry to cause the processor or programmable circuitry to perform operations comprising: configuring a plurality of identification (ID) federations between a federation server and a plurality of applications such that each ID federation is between the federation server and one of the plurality of applications; receiving a first authentication request for authenticating a first user who has been authenticated on a first application among the plurality of applications with a first user ID using an ID federation between the first application and the federation server from among the plurality of ID federations; checking the first user ID to determine that the first user is authorized to access information of a second user on a second application among the plurality of applications; and sending a second authentication request to a second application among the plurality of applications, the second authentication request for authenticating the first user with a second user ID, which is associated with the second user, using an ID federation between the federation server and the second application from among the plurality of ID federations.
This invention relates to user identification and authentication systems, specifically addressing challenges in securely managing cross-application access within federated identity environments. The system involves a federation server that establishes multiple identity federations, each linking the server to a distinct application. When a user authenticated on one application (the first application) requests access to another application (the second application), the federation server verifies the user's authorization to view the second user's data on the second application. Upon confirmation, the server initiates a new authentication request to the second application, using a second user ID associated with the second user. This approach enables seamless and secure cross-application authentication while maintaining proper access controls. The system ensures that users can transition between applications without repeated logins, while still enforcing authorization checks to protect sensitive data. The solution is particularly useful in environments where multiple applications share user data but require independent authentication mechanisms.
2. The computer program product according to claim 1 , wherein the receiving includes receiving an identification of the second application with the first authentication request.
A system and method for secure application authentication involves a first application generating a first authentication request to authenticate a user for access to a second application. The first authentication request includes an identification of the second application, allowing the authentication system to determine the target application for which authentication is being requested. The system verifies the user's credentials and, upon successful authentication, generates an authentication token. This token is then transmitted to the second application, enabling the user to access the second application without requiring separate authentication. The system ensures secure communication between the applications and the authentication service, preventing unauthorized access. The identification of the second application in the authentication request ensures that the authentication token is correctly routed and used only for the intended application, enhancing security and reducing the risk of token misuse. This approach streamlines the authentication process while maintaining robust security measures.
3. The computer program product according to claim 2 , wherein the sending includes sending the second authentication request in response to determining that the first user is authorized to access information of the second user ID.
This invention relates to a computer program product for managing user authentication in a system where one user may access information of another user. The problem addressed is ensuring secure and authorized access to user data while minimizing unnecessary authentication steps. The system involves a first user attempting to access information associated with a second user. The computer program product includes instructions for receiving a first authentication request from the first user, verifying the first user's credentials, and determining whether the first user is authorized to access the second user's information. If authorized, the program sends a second authentication request to the second user, prompting them to confirm or deny the access request. The second user's response is then processed to grant or deny the access. This two-step authentication process ensures that both the requesting user and the data owner are involved in the authorization decision, enhancing security and user control over their data. The system may also include additional features such as logging access attempts and notifying users of unauthorized requests. The invention is particularly useful in applications where data privacy and consent are critical, such as social networks, cloud storage, or enterprise systems.
4. The computer program product according to claim 1 , wherein the sending includes sending authority information of the first user ID.
A system and method for secure user authentication and authorization in a distributed computing environment addresses the challenge of verifying user identities and permissions across multiple systems without compromising security. The invention involves a computer program product that facilitates the transmission of authentication and authorization data between systems, ensuring that user credentials and access rights are accurately verified. Specifically, the system includes a mechanism for sending authority information associated with a first user ID, which enables downstream systems to validate the user's permissions before granting access to resources. This authority information may include role-based access controls, privilege levels, or other security attributes that define the user's authorized actions within the system. By transmitting this information securely, the invention prevents unauthorized access while maintaining efficient authentication workflows. The system may also integrate with existing identity management frameworks to enhance compatibility and scalability. The solution is particularly useful in cloud computing, enterprise networks, and multi-tenant environments where secure and dynamic access control is critical.
5. The computer program product according to claim 1 , wherein the first user ID includes a user ID of the first user, or, an identification of the first application.
A system and method for managing user identities and application interactions in a computing environment. The technology addresses the challenge of securely and efficiently identifying users and applications within a networked system, particularly in scenarios where multiple users or applications may interact with shared resources. The invention provides a mechanism to associate a first user ID with either a specific user or an application, enabling flexible and secure authentication and authorization processes. The first user ID can be dynamically linked to either a user identity or an application identifier, allowing the system to adapt to different operational contexts. This approach enhances security by ensuring that access controls are properly enforced, whether the interaction involves a human user or an automated application. The system may also include additional features such as logging, monitoring, and access control enforcement based on the identified user or application. By distinguishing between user and application identities, the invention improves the accuracy and reliability of access management in complex computing environments.
6. The computer program product according to claim 2 , wherein the checking includes: obtaining condition information; and checking whether the first user ID, the second application, and the second user ID satisfy a condition defined in the condition information.
This invention relates to a computer program product for verifying user access permissions in a multi-user application environment. The problem addressed is ensuring secure and controlled access to applications by validating user identities and permissions before granting access. The invention involves a system that checks whether a first user ID, a second application, and a second user ID meet predefined conditions before allowing access. The checking process includes obtaining condition information, which defines the rules or criteria for access. The system then verifies whether the combination of the first user ID, the second application, and the second user ID satisfies these conditions. This ensures that only authorized users can access specific applications under the correct conditions, enhancing security and preventing unauthorized access. The condition information may include rules such as role-based access control, time-based restrictions, or dependency checks between users and applications. By dynamically evaluating these conditions, the system provides a flexible and secure way to manage access permissions in complex environments. This approach is particularly useful in systems where multiple users interact with different applications, and access must be carefully controlled to maintain security and compliance.
7. The computer program product according to claim 6 , wherein the condition information includes at least one of a time when the information of the second user ID is recorded on the second application, and a record of the information of the second user ID on the second application.
This invention relates to a computer program product for managing user identity information across multiple applications. The problem addressed is the lack of synchronization between user identities in different applications, leading to inconsistencies and difficulties in tracking user activity. The invention involves a system that records and manages information about user identities (user IDs) in a first application and a second application. When a user ID is recorded in the second application, the system generates condition information that includes either the time of recording or a record of the user ID in the second application. This condition information is then used to determine whether the user ID in the second application matches or is related to a user ID in the first application. The system can also verify the validity of the user ID in the second application based on this condition information. The invention ensures that user identities are properly linked or verified across different applications, improving data consistency and user tracking. The condition information helps establish a relationship between user IDs in different applications, allowing for more accurate identity management. This is particularly useful in scenarios where user identities need to be synchronized or validated across multiple platforms.
8. The computer program product according to claim 6 , wherein the processor or programmable circuitry perform further operations comprising: receiving an authorization of the second user from a client computer of the second user; and updating the condition information to reflect the authorization of the second user.
This invention relates to a computer program product for managing user authorizations in a digital system. The system addresses the problem of securely and efficiently handling authorization requests between users, particularly in scenarios where one user needs to obtain permission from another user before accessing or modifying certain data or resources. The computer program product includes a processor or programmable circuitry that performs operations to facilitate this authorization process. The system receives an authorization request from a first user, where the request pertains to a second user who must grant permission for the action to proceed. The system then generates a notification for the second user, prompting them to review and approve or deny the request. The notification is sent to a client computer associated with the second user, where the second user can provide their authorization or rejection. Upon receiving the authorization from the second user, the system updates condition information stored in the system to reflect this approval. This updated condition information ensures that subsequent operations or access requests are processed in accordance with the granted authorization. The system may also handle cases where the second user denies the request, updating the condition information accordingly to prevent unauthorized actions. The invention improves security and efficiency in digital systems by providing a structured and verifiable process for obtaining user authorizations, reducing the risk of unauthorized access while ensuring transparency in the authorization workflow.
9. The computer program product according to claim 8 , wherein the receiving a first authentication request comprises receiving the first authentication request from the first application.
This invention relates to a computer program product for secure authentication in a multi-application environment. The problem addressed is the need for secure and efficient authentication processes when multiple applications require access to a user's credentials or resources. The solution involves a system where a first application initiates an authentication request, which is received by a central authentication module. This module then generates a first authentication token based on the request and transmits it to a second application. The second application uses this token to authenticate with a third-party service, ensuring secure access without exposing the user's credentials directly. The system also includes mechanisms to validate the token and manage authentication sessions, improving security and reducing the risk of credential theft or unauthorized access. The invention focuses on streamlining authentication flows across different applications while maintaining robust security protocols.
10. The computer program product according to claim 6 , wherein the processor or programmable circuitry perform further operations comprising: receiving an authorization of the second user from the first application.
A system and method for secure user authorization in a multi-application environment addresses challenges in verifying user identity across different applications while maintaining security and usability. The invention involves a processor or programmable circuitry that facilitates secure interactions between a first application and a second application, where the first application requests authorization from a second user. The system ensures that the second user's authorization is properly validated before granting access or performing actions in the second application. This process may include verifying the user's identity, confirming consent, or ensuring compliance with security protocols. The invention enhances security by preventing unauthorized access while streamlining the authorization workflow between applications. The solution is particularly useful in scenarios where multiple applications need to collaborate securely, such as in financial transactions, data sharing, or access control systems. The system may also include additional features like logging authorization events, encrypting data, or enforcing multi-factor authentication to further strengthen security. By integrating these operations, the invention provides a robust framework for managing user authorizations in a distributed application environment.
11. The computer program product according to claim 10 , wherein the authorization of the second user includes a password input by the second user.
A system and method for secure user authorization in a computing environment involves verifying the identity of a second user before granting access to a restricted resource. The system includes a first computing device associated with a first user and a second computing device associated with the second user. The first computing device generates a request to authorize the second user, which is then transmitted to the second computing device. The second computing device prompts the second user to provide authorization credentials, such as a password, which are then transmitted back to the first computing device. The first computing device verifies the credentials against stored authentication data to confirm the second user's identity. Upon successful verification, the first computing device grants the second user access to the restricted resource. This process ensures that only authorized users can access sensitive information or perform specific actions, enhancing security in collaborative or multi-user computing environments. The system may also include additional security measures, such as encryption of transmitted data, to further protect the authorization process. The method is particularly useful in scenarios where secure access control is required, such as in financial transactions, confidential data sharing, or privileged system operations.
12. An apparatus for user identification and authentication, comprising: a processor or programmable circuitry operably coupled to a memory, the memory storing program instructions that are executable to cause the processor or programmable circuitry to perform operations comprising: configuring a plurality of identification (ID) federations between a federation server and a plurality of applications such that each ID federation is between the federation server and one of the plurality of applications; receiving a first authentication request for authenticating a first user who has been authenticated on a first application among the plurality of applications with a first user ID using an ID federation between the first application and the federation server from among the plurality of ID federations; checking the first user ID to determine that the first user is authorized to access information of a second user on a second application among the plurality of applications; and sending a second authentication request to a second application among the plurality of applications, the second authentication request for authenticating the first user with a second user ID, which is associated with the second user, using an ID federation between the federation server and the second application from among the plurality of ID federations.
The apparatus is designed for user identification and authentication across multiple applications using federated identity management. The system addresses the challenge of securely authenticating users across different applications while maintaining proper access controls and user identity consistency. A federation server manages multiple identity federations, each linking the server to a distinct application. When a user authenticated on one application requests access to another application, the system verifies the user's authorization to access another user's information. Upon confirmation, the federation server initiates authentication for the user on the second application using the appropriate federated identity. This ensures seamless and secure cross-application access while enforcing proper identity and access management policies. The system leverages federated identity protocols to maintain consistent authentication across diverse applications, reducing the need for redundant login processes while enhancing security and user experience.
13. A system for user identification and authentication, comprising: a first application server operable to execute a first application; a second application server operable to execute a second application a processor or programmable circuitry operably coupled to a memory, the memory storing program instructions that are executable to cause the processor or programmable circuitry to perform operations comprising: configuring a plurality of identification (ID) federations between a federation server and a plurality of applications such that each ID federation is between the federation server and one of the plurality of applications; receiving a first authentication request for authenticating a first user who has been authenticated on the first application among the plurality of applications with a first user ID using an ID federation between the first application and the federation server from among the plurality of ID federations; checking the first user ID to determine that the first user is authorized to access information of a second user on the second application among the plurality of applications; and sending a second authentication request to a second application among the plurality of applications, the second authentication request for authenticating the first user with a second user ID, which is associated with the second user, using an ID federation between the federation server and the second application from among the plurality of ID federations.
The system enables secure user identification and authentication across multiple applications through federated identity management. The problem addressed is the lack of seamless and secure authentication when users need to access different applications, often requiring separate logins or credentials. The system includes a federation server that manages multiple identity federations, each linking the server to a distinct application. When a user authenticated on a first application requests access to a second application, the system verifies the user's authorization to access the second user's information. The federation server then sends an authentication request to the second application, using the user's second user ID associated with the second application. This allows the user to access the second application without re-authenticating, leveraging existing authentication credentials from the first application. The system ensures secure and efficient cross-application authentication by maintaining separate identity federations for each application, reducing the need for multiple logins and enhancing user experience while maintaining security.
14. The system according to claim 13 , wherein the second application server is configured to: receive the second authentication request from the apparatus; and send a notification to a client computer of the second user in response to receiving the second authentication request from the apparatus.
This invention relates to a system for secure authentication and notification in a multi-server environment. The system addresses the problem of securely verifying user identities and notifying users of authentication attempts in distributed computing environments, particularly where multiple servers are involved in the authentication process. The system includes a first application server that receives an initial authentication request from a user apparatus and a second application server that handles subsequent authentication steps. The second application server is configured to receive a second authentication request from the apparatus and, in response, send a notification to a client computer associated with the second user. This notification alerts the second user of the authentication attempt, enhancing security by providing real-time awareness of access requests. The system ensures that authentication requests are properly routed and processed across multiple servers while maintaining secure communication channels. The notification mechanism helps prevent unauthorized access by allowing users to verify and respond to authentication attempts in real time. This approach improves security in distributed systems by combining multi-server authentication with user notification features.
15. The system according to claim 13 , wherein the second application server is configured to: receive the second authentication request from the apparatus; authorize reading of the information of the second user on the second application; and prohibit writing of the information of the second user on the second application in response to receiving the second authentication request from the apparatus.
This invention relates to a system for managing user authentication and access control in a distributed computing environment. The system addresses the challenge of securely granting selective read and write permissions to user data across multiple applications while maintaining data integrity and security. The system includes a first application server and a second application server, each hosting distinct applications that store user information. The first application server is configured to receive a first authentication request from a user apparatus and authorize both reading and writing of the first user's information on the first application. The second application server is configured to receive a second authentication request from the same apparatus and authorize only reading of the second user's information on the second application, while prohibiting any writing operations. This selective access control ensures that users can interact with multiple applications while restricting unauthorized modifications to sensitive data. The system dynamically enforces access policies based on authentication requests, allowing different levels of access to user information across applications. This approach enhances security by preventing unauthorized data alterations while still enabling necessary read operations. The invention is particularly useful in environments where multiple applications share user data but require different access privileges.
Unknown
April 28, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.